> On 07/17/07 11:06, Heiko Wundram (Beenic) wrote: > > On Tuesday 17 July 2007 10:52:43 Volker wrote: > >> <snip> > >> Relying on a zone transfer doesn't seem to be reliable to me as more > >> than half of the root servers doesn't reply to AXFR requests. > > > > I've heard pretty much the same thing as you did wrt. root name servers > > denying AXFR, but as "it works" (TM), I don't see a reason not to use it. A > nd > > it seems that the author of the FreeBSD default named.conf thought likewise > , > > which is pretty okay with me (from the experience I gathered this morning). > > > > By the way: using the roots as hints only adds to the number of requests yo > ur > > server has to do in order to retrieve first-level domain name servers, so i > n > > the end, the transmitted data should be way higher than doing one AXFR to > > find them (simply because you'll see a large subset of those toplevel domai > ns > > being requested when you're publically offering a DNS server). And the data > > > is also cached on an AXFR in persistant storage, which is another major > > benefit (for me). > > > > Remember, AXFR requires a TCP transfer and not every firewall will > happily let it pass.
Then the firewall is misconfigured. Ordinary DNS lookups can require TCP. That's what the "tc" flag is for. > > I (partially) agree to the speedup effects you mentioned but if just 5 > out of 13 root servers support AXFR, your bind will sit for a while to > find a root server responding to it's AXFR requests. That may eat up > your speed improvements. Type hint for the root zone always works > (regardless of the firewall and which root server is being queried). > > Volker > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED] _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
